{ "name": "Profiling Trafficers: Cerberus", "slug": "profiling-trafficers-cerberus", "description": "This analysis delves into the activities of a group of malware operators known as Cerberus (formerly Amnesia) Team, who specialize in spreading infostealers, particularly in the Commonwealth of Independent States (CIS) region. It provides insights into their operations, tactics, and the evolution of their malware campaigns over time, shedding light on the ever-evolving landscape of cybercriminal activities.", "published": "2024-05-10T07:02:33+00:00", "created_at": "2024-05-10T07:02:33+00:00", "modified_at": "2024-05-10T07:26:58+00:00", "created_at_opencti": "2024-05-10T07:02:33+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-05-05", "2024-05-06", "2024-05-07", "2024-05-08", "2024-05-09", "2024-05-10", "aurora stealer", "casbaneiro", "cybercrime", "dracula stealer (samurai)", "hacking", "infostealer", "lumma stealer", "malware", "metamorfo", "redline", "rhadamanthys stealer", "russia" ], "related_entities": { "observables": [ { "id": "", "name": "5.42.65.36" }, { "id": "", "name": "37.220.87.13" }, { "id": "", "name": "195.10.205.74" }, { "id": "", "name": "147.45.44.5" }, { "id": "", "name": "5.42.65.101" }, { "id": "", "name": "ffadffdb70628e31d82c7f79dbb60ee917f09d47c085a19e1ac6e6e1e35f65d2" }, { "id": "", "name": "ddd48bf86fb56853f8d7ec54bdd9922044f4f6a97aa16c4b1b6da4d162c63f50" }, { "id": "", "name": "e50ffa2b9fd2f72117215aae4bd556181a1c43f0e485ee2ede668ae67ff8b37d" }, { "id": "", "name": "b9161bebfa420e361053fe2d28cbacb9f59e12bb2e9ae6dc241326ec5b32429a" }, { "id": "", "name": "b86815c10b68f1108530338128c8f0a79d358ee91bc43082a2314985fa4db1ba" }, { "id": "", "name": "aa79dd98bfa1024797b92c3016e931180faf9baa462e751a8eb9061fbfd7a06c" }, { "id": "", "name": "9f8a9a96bcd4b50414604cbd67f282226a2af227972833725e133c60da35ad43" }, { "id": "", "name": "7eca655f69b3b43c4f228dbd149b73247166872ba92691f7fb00f7f35bb89e41" }, { "id": "", "name": "48660eb510470d5ebf35a0dfdb4c592117eaec4f07cbf01d428099f052a2fdca" }, { "id": "", "name": "2f51a381d2fc22009dd2e7e27d555b7e10de4fbc954d27e506c5c3ba83481577" }, { "id": "", "name": "24952724df0a06ae1d58350bacc43c37981e46267c9f7575192e222028eb7626" }, { "id": "", "name": "16fbabbe3842fee9262fd42da0151f81e4375652d59b01f75a1f0dff46cda69f" }, { "id": "", "name": "0aa93d611bbbe91ef03cce5ad22160fa4cea54a8e5b322f85be9b2a139e069e2" }, { "id": "", "name": "fc43e409ca887fe8f98079100e54a442b7ab01a2743d7e195ba2c8358a1152df" }, { "id": "", "name": "f1317fa1e70ad44256d1282121c8ad5e12faf9a32fc6b743212726d666408967" }, { "id": "", "name": "c4b216b616c005c7ae84dfbdc5f2a99172825e1ee362555ddad8ed29f23313d6" }, { "id": "", "name": "495d6698ee5c9a61d68bfd5328fa2e0979ff0ae04d1a2655e5d580e73fe6b998" }, { "id": "", "name": "2318f5ddf39a7576e33513557c3af1498e841cef7b36acc53e80ddd700ac0d62" }, { "id": "", "name": "005360f36d6b7bf31717fb5ba88f844bdf5455dfbd9f84894a8c1e53f7f5ef51" } ], "malware": [ { "id": "legacy:malware:2de303a0b8f98950", "name": "Rhadamanthys Stealer", "slug": "rhadamanthys-stealer" }, { "id": "legacy:malware:16baaee80e584ca6", "name": "Dracula Stealer (Samurai)", "slug": "dracula-stealer-samurai" }, { "id": "legacy:malware:de9d59f52e81b0a8", "name": "Casbaneiro", "slug": "casbaneiro" }, { "id": "legacy:malware:9a2a94ea4e7d52e2", "name": "Metamorfo - S0455", "slug": "metamorfo-s0455" }, { "id": "legacy:malware:e887974363cd7a08", "name": "Lumma Stealer", "slug": "lumma-stealer" }, { "id": "legacy:malware:25878cbc384641c1", "name": "Redline", "slug": "redline" }, { "id": "legacy:malware:f8d7ea014cac25bd", "name": "Aurora Stealer", "slug": "aurora-stealer" } ], "intrusion_sets": [ { "id": "dd4a8e33-2ddc-49bc-8568-a85d8eab8452", "name": "Cerberus (ex-Amnesia)", "slug": "cerberus-ex-amnesia" } ], "others": [ { "id": "", "name": "Palau" }, { "id": "", "name": "Northern Mariana Islands" }, { "id": "", "name": "Turkmenistan" }, { "id": "", "name": "Micronesia, Federated States of" }, { "id": "", "name": "Norfolk Island" }, { "id": "", "name": "Monaco" }, { "id": "", "name": "Kiribati" }, { "id": "", "name": "Comoros" }, { "id": "", "name": "Djibouti" }, { "id": "", "name": "Bermuda" }, { "id": "", "name": "Antigua and Barbuda" }, { "id": "", "name": "Anguilla" }, { "id": "", "name": "Virgin Islands, U.S." }, { "id": "", "name": "Virgin Islands, British" }, { "id": "", "name": "Turks and Caicos Islands" }, { "id": "", "name": "Guernsey" }, { "id": "", "name": "Grenada" }, { "id": "", "name": "Greenland" }, { "id": "", "name": "Faroe Islands" }, { "id": "", "name": "Dominica" }, { "id": "", "name": "Cayman Islands" }, { "id": "", "name": "San Marino" }, { "id": "", "name": "New Caledonia" }, { "id": "", "name": "Saint Martin (French part)" }, { "id": "", "name": "Liechtenstein" }, { "id": "", "name": "Isle of Man" }, { "id": "", "name": "Eswatini" }, { "id": "", "name": "Burundi" }, { "id": "", "name": "Martinique" }, { "id": "", "name": "Lesotho" }, { "id": "", "name": "French Polynesia" }, { "id": "", "name": "Cura\u00e7ao" }, { "id": "", "name": "Timor-Leste" }, { "id": "", "name": "Niger" }, { "id": "", "name": "Gambia" }, { "id": "", "name": "Chad" }, { "id": "", "name": "Guinea-Bissau" }, { "id": "", "name": "Guinea" }, { "id": "", "name": "Guadeloupe" }, { "id": "", "name": "French Guiana" }, { "id": "", "name": "Saint Lucia" }, { "id": "", "name": "Bhutan" }, { "id": "", "name": "Sierra Leone" }, { "id": "", "name": "Belize" }, { "id": "", "name": "Barbados" }, { "id": "", "name": "Macao" }, { "id": "", "name": "Liberia" }, { "id": "", "name": "Iceland" }, { "id": "", "name": "Suriname" }, { "id": "", "name": "Bahamas" }, { "id": "", "name": "Saint Kitts and Nevis" }, { "id": "", "name": "Cabo Verde" }, { "id": "", "name": "Mauritania" }, { "id": "", "name": "Brunei Darussalam" }, { "id": "", "name": "Guyana" }, { "id": "", "name": "Maldives" }, { "id": "", "name": "Haiti" }, { "id": "", "name": "Malawi" }, { "id": "", "name": "Jersey" }, { "id": "", "name": "Zimbabwe" }, { "id": "", "name": "Mali" }, { "id": "", "name": "Namibia" }, { "id": "", "name": "Gabon" }, { "id": "", "name": "Rwanda" }, { "id": "", "name": "Congo, Democratic Republic of the" }, { "id": "", "name": "Benin" }, { "id": "", "name": "Puerto Rico" }, { "id": "", "name": "Burkina Faso" }, { "id": "", "name": "Mozambique" }, { "id": "", "name": "South Sudan" }, { "id": "", "name": "Jamaica" }, { "id": "", "name": "Equatorial Guinea" }, { "id": "", "name": "El Salvador" }, { "id": "", "name": "Uganda" }, { "id": "", "name": "Zambia" }, { "id": "", "name": "Senegal" }, { "id": "", "name": "Togo" }, { "id": "", "name": "Cameroon" }, { "id": "", "name": "Madagascar" }, { "id": "", "name": "Honduras" }, { "id": "", "name": "Paraguay" }, { "id": "", "name": "Costa Rica" }, { "id": "", "name": "Croatia" }, { "id": "", "name": "Tunisia" }, { "id": "", "name": "Dominican Republic" }, { "id": "", "name": "Syrian Arab Republic" }, { "id": "", "name": "Bolivia, Plurinational State of" }, { "id": "", "name": "Andorra" }, { "id": "", "name": "South Georgia and the South Sandwich Islands" }, { "id": "", "name": "Georgia" }, { "id": "", "name": "Ethiopia" }, { "id": "", "name": "Papua New Guinea" }, { "id": "", "name": "Palestine" }, { "id": "", "name": "North Macedonia" }, { "id": "", "name": "Estonia" }, { "id": "", "name": "Central African Republic" }, { "id": "", "name": "Trinidad and Tobago" }, { "id": "", "name": "Botswana" }, { "id": "", "name": "Angola" }, { "id": "", "name": "Mauritius" }, { "id": "", "name": "Somalia" }, { "id": "", "name": "Mongolia" }, { "id": "", "name": "Malta" }, { "id": "", "name": "British Indian Ocean Territory" }, { "id": "", "name": "Tanzania, United Republic of" }, { "id": "", "name": "Sudan" }, { "id": "", "name": "Guam" }, { "id": "", "name": "Montenegro" }, { "id": "", "name": "Luxembourg" }, { "id": "", "name": "Nigeria" }, { "id": "", "name": "Kenya" }, { "id": "", "name": "Slovenia" }, { "id": "", "name": "Finland" }, { "id": "", "name": "Latvia" }, { "id": "", "name": "Slovakia" }, { "id": "", "name": "Albania" }, { "id": "", "name": "Lebanon" }, { "id": "", "name": "Ireland" }, { "id": "", "name": "Iraq" }, { "id": "", "name": "Kuwait" }, { "id": "", "name": "Greece" }, { "id": "", "name": "Hungary" }, { "id": "", "name": "Congo" }, { "id": "", "name": "Sweden" }, { "id": "", "name": "New Zealand" }, { "id": "", "name": "Guatemala" }, { "id": "", "name": "Cuba" }, { "id": "", "name": "Libya" }, { "id": "", "name": "Austria" }, { "id": "", "name": "Venezuela, Bolivarian Republic of" }, { "id": "", "name": "Uruguay" }, { "id": "", "name": "Panama" }, { "id": "", "name": "Nicaragua" }, { "id": "", "name": "Qatar" }, { "id": "", "name": "Yemen" }, { "id": "", "name": "Algeria" }, { "id": "", "name": "Egypt" }, { "id": "", "name": "South Africa" }, { "id": "", "name": "Fiji" }, { "id": "", "name": "Afghanistan" }, { "id": "", "name": "Kyrgyzstan" }, { "id": "", "name": "Tajikistan" }, { "id": "", "name": "Azerbaijan" }, { "id": "", "name": "Hong Kong" }, { "id": "", "name": "Cyprus" }, { "id": "", "name": "Bulgaria" }, { "id": "", "name": "Chile" }, { "id": "", "name": "Colombia" }, { "id": "", "name": "Uzbekistan" }, { "id": "", "name": "Myanmar" }, { "id": "", "name": "Ghana" }, { "id": "", "name": "Singapore" }, { "id": "", "name": "Armenia" }, { "id": "", "name": "Belgium" }, { "id": "", "name": "Portugal" }, { "id": "", "name": "Serbia" }, { "id": "", "name": "Iran, Islamic Republic of" }, { "id": "", "name": "Sri Lanka" }, { "id": "", "name": "Nepal" }, { "id": "", "name": "Bangladesh" }, { "id": "", "name": "India" }, { "id": "", "name": "Czechia" }, { "id": "", "name": "Denmark" }, { "id": "", "name": "Lithuania" }, { "id": "", "name": "Australia" }, { "id": "", "name": "Taiwan" }, { "id": "", "name": "Saudi Arabia" }, { "id": "", "name": "Jordan" }, { "id": "", "name": "China" }, { "id": "", "name": "United Arab Emirates" }, { "id": "", "name": "Netherlands" }, { "id": "", "name": "Norway" }, { "id": "", "name": "Argentina" }, { "id": "", "name": "Switzerland" }, { "id": "", "name": "Poland" }, { "id": "", "name": "Spain" }, { "id": "", "name": "Italy" }, { "id": "", "name": "Thailand" }, { "id": "", "name": "Peru" }, { "id": "", "name": "Canada" }, { "id": "", "name": "Japan" }, { "id": "", "name": "Moldova, Republic of" }, { "id": "", "name": "Belarus" }, { "id": "", "name": "Malaysia" }, { "id": "", "name": "Indonesia" }, { "id": "", "name": "Bosnia and Herzegovina" }, { "id": "", "name": "France" }, { "id": "", "name": "Germany" }, { "id": "", "name": "Romania" }, { "id": "", "name": "Oman" }, { "id": "", "name": "Morocco" }, { "id": "", "name": "Bahrain" }, { "id": "", "name": "Kazakhstan" }, { "id": "", "name": "Cambodia" }, { "id": "", "name": "Philippines" }, { "id": "", "name": "Ecuador" }, { "id": "", "name": "Mexico" }, { "id": "", "name": "Pakistan" }, { "id": "", "name": "United Kingdom of Great Britain and Northern Ireland" }, { "id": "", "name": "Ukraine" } ] }, "external_refs": [ "https://g0njxa.medium.com/profiling-traffic-cerberus-ex-amnesia-3758faba4385", "https://otx.alienvault.com/pulse/663de2a924a61f8a74567f55" ] }